
I noticed a new rule in my WAF configuration, but I cannot identify the cause of its creation

0

Under what circumstances does CloudFront automatically create a WAF rule named CreatedByCloudFrontForDistributionecccccccccc-Geo-BlockRule regarding geographic restrictions? We can confirm that we have not manually modified the CloudFront geographic restrictions settings. Could you please help investigate the cause of this auto-creation? Thank you all for your assistance.

Asked 2 months ago, viewed 81 times
1 answer
3

As far as I know, this behavior is expected when using the CloudFront console to manage geographic restrictions while a Web ACL is already associated with your distribution. So, when you enable Geographic Restrictions (Allow or Block list) directly in the CloudFront console, AWS automatically manages this requirement by creating a managed rule in the associated AWS WAF Web ACL.

The rule name CreatedByCloudFrontForDistribution[ID]-Geo-BlockRule is the standard naming convention used by this automation. This happens even if you didn't manually open the WAF dashboard; CloudFront "provisions" this rule on your behalf to ensure the restrictions are enforced at the edge.

How to verify the cause

To identify who or what triggered this, you can check AWS CloudTrail for the following sequence of events:

  • EventSource: cloudfront.amazonaws.com -> Look for the UpdateDistribution event.
  • EventSource: wafv2.amazonaws.com -> Look for a corresponding UpdateWebACL event occurring at the same timestamp.

Things you need to note:

  • Automatic Sync: If you remove the geographic restrictions in the CloudFront settings, the corresponding WAF rule is typically removed automatically.
  • Manual Changes: It is generally recommended not to modify or delete these "CreatedByCloudFront" rules manually within the WAF console, as this can lead to configuration drift between CloudFront and WAF.

For details, you can refer to the official documentation on Restricting the geographic distribution of your content:

Expert
Answered 2 months ago
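The CloudTrail check described in the answer, turned into a small script. This is an added example, not code from the answer or from AWS: it takes CloudTrail records (constructed samples here; the distribution ID, Web ACL name and user names are placeholders) and pairs each UpdateWebACL that touches a CreatedByCloudFrontForDistribution[ID]-Geo-BlockRule with an UpdateDistribution for the same distribution within a short time window, which is the signature of CloudFront provisioning the rule on your behalf. It also flags edits to such a rule that were not invoked by CloudFront, i.e. the manual WAF change the answer warns will cause drift. The record layout and the `userIdentity.invokedBy` check are assumptions about the CloudTrail format, not something the post states.

```python
import re
from datetime import datetime, timedelta

# Constructed sample CloudTrail records (not real logs). Field names follow the
# CloudTrail record format as assumed here: eventTime, eventSource, eventName,
# userIdentity, requestParameters. IDs, ACL name and user names are placeholders.
SAMPLE_EVENTS = [
    {   # a person saves geo restrictions in the CloudFront console
        "eventTime": "2025-01-15T10:02:11Z",
        "eventSource": "cloudfront.amazonaws.com",
        "eventName": "UpdateDistribution",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "requestParameters": {"id": "EXXXXXXXXXXXXX"},
    },
    {   # seconds later CloudFront writes the managed geo rule into the Web ACL
        "eventTime": "2025-01-15T10:02:13Z",
        "eventSource": "wafv2.amazonaws.com",
        "eventName": "UpdateWebACL",
        "userIdentity": {"type": "AWSService", "invokedBy": "cloudfront.amazonaws.com"},
        "requestParameters": {
            "name": "example-web-acl",
            "rules": [{"name": "CreatedByCloudFrontForDistributionEXXXXXXXXXXXXX-Geo-BlockRule"}],
        },
    },
    {   # an unrelated Web ACL edit; must not produce a finding
        "eventTime": "2025-01-15T14:30:00Z",
        "eventSource": "wafv2.amazonaws.com",
        "eventName": "UpdateWebACL",
        "userIdentity": {"type": "IAMUser", "userName": "bob"},
        "requestParameters": {"name": "example-web-acl", "rules": [{"name": "custom-rate-limit"}]},
    },
    {   # a person edits the CloudFront-managed rule directly in WAF (drift risk)
        "eventTime": "2025-01-16T09:00:00Z",
        "eventSource": "wafv2.amazonaws.com",
        "eventName": "UpdateWebACL",
        "userIdentity": {"type": "IAMUser", "userName": "bob"},
        "requestParameters": {
            "name": "example-web-acl",
            "rules": [{"name": "CreatedByCloudFrontForDistributionEXXXXXXXXXXXXX-Geo-BlockRule"}],
        },
    },
]

# Naming convention quoted in the answer; the distribution ID is captured.
GEO_RULE_RE = re.compile(r"^CreatedByCloudFrontForDistribution(?P<dist>[A-Za-z0-9]+)-Geo-BlockRule$")


def parse_time(ts):
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def geo_rules_in(event):
    """Names of CloudFront-managed geo rules present in an UpdateWebACL request."""
    rules = (event.get("requestParameters") or {}).get("rules") or []
    return [r["name"] for r in rules if GEO_RULE_RE.match(r.get("name", ""))]


def explain_geo_rule_changes(events, window_seconds=60):
    """One finding per UpdateWebACL event that touched a CloudFront-managed geo rule.

    cause is 'cloudfront-automation' when a UpdateDistribution for the same
    distribution sits within the window and the WAF call was invoked by CloudFront,
    'cloudfront-automation-uncorrelated' when CloudFront made the call but no
    matching distribution update was found (e.g. outside the queried time range),
    and 'manual-waf-change' when a principal other than CloudFront edited the rule.
    """
    window = timedelta(seconds=window_seconds)
    cf_updates = [e for e in events
                  if e["eventSource"] == "cloudfront.amazonaws.com"
                  and e["eventName"] == "UpdateDistribution"]
    findings = []
    for e in events:
        if e["eventSource"] != "wafv2.amazonaws.com" or e["eventName"] != "UpdateWebACL":
            continue
        t = parse_time(e["eventTime"])
        identity = e.get("userIdentity", {})
        by_cloudfront = identity.get("invokedBy") == "cloudfront.amazonaws.com"
        for name in geo_rules_in(e):
            dist = GEO_RULE_RE.match(name).group("dist")
            match = next((c for c in cf_updates
                          if c["requestParameters"].get("id") == dist
                          and abs(parse_time(c["eventTime"]) - t) <= window), None)
            if by_cloudfront and match:
                cause, actor = "cloudfront-automation", (
                    match["userIdentity"].get("userName") or match["userIdentity"].get("type"))
            elif by_cloudfront:
                cause, actor = "cloudfront-automation-uncorrelated", None
            else:
                cause, actor = "manual-waf-change", (
                    identity.get("userName") or identity.get("type"))
            findings.append({"rule": name, "distribution_id": dist, "waf_event_time": e["eventTime"],
                             "cause": cause, "actor": actor,
                             "cloudfront_event_time": match["eventTime"] if match else None})
    return findings


if __name__ == "__main__":
    for f in explain_geo_rule_changes(SAMPLE_EVENTS):
        print(f)
```

With real data, feed the script the records returned by a CloudTrail lookup for the two event names over the period in which the rule appeared; the `actor` of a `cloudfront-automation` finding is the principal who saved the geographic restriction in CloudFront, and any `manual-waf-change` finding on a CreatedByCloudFront rule is the configuration drift the answer recommends avoiding.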

